Documentation
Index
Constants
const EncryptKeyEmpty = EncryptKey(0)
Variables
var (
	ResourceKindCNP      = ResourceKind("cnp")
	ResourceKindCCNP     = ResourceKind("ccnp")
	ResourceKindDaemon   = ResourceKind("daemon")
	ResourceKindEndpoint = ResourceKind("ep")
	ResourceKindFile     = ResourceKind("file")
	ResourceKindNetpol   = ResourceKind("netpol")
	ResourceKindNode     = ResourceKind("node")
)
Functions
This section is empty.
Types
type DatapathHandler
type DatapathHandler interface {
	UpdatePolicyMaps(context.Context, *sync.WaitGroup) *sync.WaitGroup
}
DatapathHandler is responsible for ensuring that policy updates in the core policy engine are pushed into the underlying BPF policy maps, to ensure that the policies are actively being enforced in the datapath for any new identities that have been updated using 'PolicyHandler'.
Wait on the returned sync.WaitGroup to ensure that the operation is complete before updating the datapath's IPCache maps.
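The ordering contract described above, as an added example that is not Cilium's own code: policy maps are updated for every endpoint first, and the prefix is written to the IPCache map only after the returned WaitGroup completes. Only the DatapathHandler interface comes from this page; fakeDatapath, record, run, the endpoint names and the prefix are hypothetical, and treating the input WaitGroup as policy-engine work to wait on is an assumption.

```go
package main

import (
	"context"
	"fmt"
	"sync"
)

// DatapathHandler is the interface from the page; everything else is hypothetical.
type DatapathHandler interface {
	UpdatePolicyMaps(context.Context, *sync.WaitGroup) *sync.WaitGroup
}

// fakeDatapath records write order instead of touching real BPF maps.
type fakeDatapath struct {
	mu                sync.Mutex
	events, endpoints []string
}
func (d *fakeDatapath) record(ev string) {
	d.mu.Lock()
	defer d.mu.Unlock()
	d.events = append(d.events, ev)
}

// UpdatePolicyMaps waits on engine (assumed: policy-engine work), then updates endpoints concurrently.
func (d *fakeDatapath) UpdatePolicyMaps(ctx context.Context, engine *sync.WaitGroup) *sync.WaitGroup {
	done := &sync.WaitGroup{}
	for _, ep := range d.endpoints {
		done.Add(1)
		go func(ep string) {
			defer done.Done()
			if engine.Wait(); ctx.Err() == nil {
				d.record("policymap:" + ep)
			}
		}(ep)
	}
	return done
}

// run writes prefix to the fake IPCache map only once the policy maps are ready.
func run(ctx context.Context, prefix string) []string {
	d := &fakeDatapath{endpoints: []string{"ep-1", "ep-2"}}
	engine := &sync.WaitGroup{} // PolicyHandler.UpdateIdentities would Add to this
	if DatapathHandler(d).UpdatePolicyMaps(ctx, engine).Wait(); ctx.Err() == nil {
		d.record("ipcache:" + prefix)
	}
	return d.events
}

func main() { fmt.Println(run(context.Background(), "10.0.0.0/24")) }
```

With a cancelled context nothing is recorded, so the prefix is never published without its policy map updates.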
type EncryptKey
type EncryptKey uint8
EncryptKey is the identity of the encryption key. This type implements ipcache.IPMetadata.
func (EncryptKey) IsValid
func (e EncryptKey) IsValid() bool
func (EncryptKey) String
func (e EncryptKey) String() string
func (EncryptKey) Uint8
func (e EncryptKey) Uint8() uint8
type IPListEntrySlice
type IPListEntrySlice []*models.IPListEntry
func (IPListEntrySlice) Len
func (s IPListEntrySlice) Len() int
func (IPListEntrySlice) Less
func (s IPListEntrySlice) Less(i, j int) bool
Less sorts the IPListEntry objects by CIDR prefix then IP address. Given that the same IP cannot map to more than one identity, no further sorting is performed.
func (IPListEntrySlice) Swap
func (s IPListEntrySlice) Swap(i, j int)
type PolicyHandler
type PolicyHandler interface {
	UpdateIdentities(added, deleted identity.IdentityMap, wg *sync.WaitGroup)
}
PolicyHandler is responsible for handling identity updates into the core policy engine. See SelectorCache.UpdateIdentities() for more details.
type RequestedIdentity (added in v1.15.0)
type RequestedIdentity identity.NumericIdentity
RequestedIdentity is a desired numeric identity for the prefix. When the prefix is next injected, this numeric ID will be requested from the local allocator. If the allocator can accommodate that request, it will do so. In order for this to be useful, the prefix must not already have an identity (or its set of labels must have changed), and that numeric identity must be free. Thus, the numeric ID should have already been held aside in the allocator using WithholdLocalIdentities(). That will ensure the numeric ID remains free for the prefix to request.
func (RequestedIdentity) ID (added in v1.15.0)
func (id RequestedIdentity) ID() identity.NumericIdentity
func (RequestedIdentity) IsValid (added in v1.15.0)
func (id RequestedIdentity) IsValid() bool
type ResourceID
type ResourceID string
ResourceID identifies a unique copy of a resource that provides a source for information tied to an IP address in the IPCache.
func NewResourceID
func NewResourceID(kind ResourceKind, namespace, name string) ResourceID
NewResourceID returns a ResourceID populated with the standard fields for uniquely identifying a source of IPCache information.
type ResourceKind
type ResourceKind string
ResourceKind determines the source of the ResourceID. Typically this is the short name for the k8s resource.
type TunnelPeer
TunnelPeer is the IP address of the host associated with this prefix. This is typically used to establish a tunnel, e.g. in tunnel mode or for encryption. This type implements ipcache.IPMetadata.
func (TunnelPeer) IP
func (t TunnelPeer) IP() net.IP